Sunday , December 15 2019

Creating two way Transitive Trust in Windows Server

Let’s see how to build a “Two way Transitive Trust” . You need to have a proper DNS resolution working two way.

There are different types of trusts, “Two way Transitive Trust“ is the most used and less complicated trust where both the organizations will have all the permissions over the organizations. It doesn’t fit all the scenarios. But most of them.

This will be the Initial Step if your going to do a cross forest migration between two messaging environments or migrate your Active Directory into single domain or coexist to share permissions between two forest.

Source domain – sourceazure365pro.com

Target Domain – targetazure365pro.com

Open Active Directory Domains and Trusts.

Start – Administrative Tools – Active Directory Domains and Trusts

image

Click on “New Trust”

image

Am Typing the “Netbios” or root the domain name name of the Target forest

image

Click on Forest Trust

image

Click on “Two-way” as we are going to setup – Two way Transitive Trust

image

Click on “Both this domain and the Specified domain”

image

Type the Target domain Administrator Credentials

domainname\username

password

image

Click on “Forest-Wide Authentication”

Outgoing Trust Authentication Level – Local Forest

image

Outgoing Trust Authentication Level – Specified Forest

image

image

In the confirm outgoing trust, choose Yes, Confirm the outgoing trust option. Click Next.

In the confirm incoming trust, choose Yes, Confirm the incoming trust option. Click Next.

Choose Yes

The trust relationship has been created successfully in this domain controller. Click Finish.

You can now view the trust relationship from the trusts tab as shown above

You can test by sharing the folder from source domain to target domain or vice versa. Assigning permission to users located from the other side of the forest.

You can see the trusts has been created

image

After Creation “ Click on Validate to verify the Trusts”

image

Enter the Target domain Credentials

image

Its always good to validate the trusts , as a confirmation , that we did the right thing

image

Choose Yes

image

Now you can see the Trusts populated in the target domain

image

Two way transitive Trusts between domains is valid and active now.

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

Creating drop down F5 APM

Lets see how to Create a drop down in F5 APM Access Profile Choose the …

4 comments

  1. Hello,

    After proceeding with your steps at the final stage i get Cannot logon error between domains
    Is there something i miss? Also when i follow your instructions i dot see the windows showed in images 9 and 10.

    Both of my servers run under:
    Windows server 2008 r2 enterprise
    Exchange server 2010 sp1

    All I want to move the users from first server to my newly installed server. If there is another way for moving all the accounts from source server to destination server would save me a lot of time asking experts will help me a lot thanks 🙂

  2. Hai,
    i follwed your steps it works fine for me……… Thanks

  3. Ports/Other Network Pre-requisites

    Hi, Can you please confirm what are the Ports/Network pre-requisites for establishing Firest trust between 2 domains.

Leave a Reply

Your email address will not be published.